Cross-Site Scripting (XSS) vulnerability in SAP Business Objects

Publish date

14 July 2020

Identifier

CVE-2020-6278

Manufacturer

SAP (sap.com)

Product

SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1 and 4.2

Authors

Benjamin Marr and Margus Lind

Description

SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1 and 4.2, allows an attacker to embed malicious scripts in the application while uploading images. The scripts are executed when the victim opens these files, leading to stored cross-site scripting.

Mitigation

Update to the latest release of SAP Business Objects.

 
